Safeguarding Critical Data: at Rest, in Transit, and in Use

This webcast presents highlights from a series of Aberdeen's recent benchmark research in the area of data protection, including: "Data Loss Prevention"; "PCI DSS and Protecting Cardholder Data"; "Managing Encryption and the Encryption Key Lifecycle"; and "Protecting the Database".

**At the end of the session we're giving away a $2,950 guest pass to the Cyber Security & Digital Forensics Exchange (http://www.cyber-securityexchange.com). The pass is for the entire 3 day event, and includes meals and two night hotel accommodation. The winner will be chosen at random. To be entered into the draw you must attend this live webcast.**

Today’s corporate leaders face multiple challenges, including the need to innovate in extremely competitive business climates, address highly dynamic regulatory and compliance challenges, and secure the enterprise against a wide barrage of new and evolving sophisticated threats. Security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. Organizations often take a bottom-up approach to security and continually build on top of their existing security investments. This technology-centric approach often creates an excessively complex and disjointed security infrastructure that is difficult to manage and prone to operational inefficiencies which can escalate IT costs.

The need to be able to integrate security with business functions and operations exists more than ever. A Business-Driven approach can achieve end-to-end security that supports business goals such as driving innovation and reducing organizational costs, as well as operational requirements to address compliance measures, protect against internal and external threats, and prioritize the security risk management activities that make the most sense for their organization. In this webcast presentation we will address how to implement a solid Business-Driven security strategy within your organization.

Derek Brink, VP and Research Fellow IT Security and GRC, Aberdeen Group

Aberdeen’s research finds that companies who pay attention to security for developed applications – if they pay attention at all -- leverage three distinct strategies:

- Inspection (“Find and Fix”)
- Additional layers of protection (“Defend and Defer”)
- Prevention (“Secure at the Source”)

The trends towards a more dynamic user experience and integration with back-end services are powering even more complex web applications, along with a rise in enterprise mobile applications. All of this makes deciding which approach(es) to use for application security a multifaceted business decision – one part context, one part judgment, and one part philosophy.

Embedding security from the beginning of the software development lifecycle is not for everyone, but Aberdeen’s research confirms that it does yield the best results. This presentation provides insights into the benefits and tradeoffs of addressing security as part of the software development lifecycle.

This panel will tackle the unique challenges faced by businesses in Financial Services as they try to enter the growing mobile app market. We will bring together perspectives from vendors and researchers focusing on the topic and end users implementing the solutions and dealing with the day-to-day challenges.

Andrew Borg, Research Director, Aberdeen Center of Excellence for Mobility

BYOD's rapid adoption is widely discussed, but a thorough examination of its actual cost to the organization has been lacking. Expanding mobile access to the greatest number, within the constraints of capital equipment budgets, is one of the undeniable benefits of a well-managed policy. But BYOD also brings significant challenges: the increasing power and complexity of devices adds to the cost of support; cost controls are disaggregated; and new risks arise regarding security and compliance.

Aberdeen Group describes a best practices approach to address these concerns, derived from its recent study of more than 560 organizations in 45 countries.

Derek E. Brink, CISSP, VP & Research Fellow for IT Security, Aberdeen Group

"Right to Choose" vs. "Right to Wipe" – which sounds like a polarizing election-year issue – refers to the tension between enterprise end-users wanting to use their own smartphones and tablets to access enterprise resources, and enterprise IT departments wanting to ensure that they can centrally lock / erase / wipe enterprise data if the device is lost or stolen.

This presentation summarizes an Aberdeen Group analysis of more than 430 organizations, which indicates that end-users are actually most productive and most satisfied when they have the freedoms of BYOD, but within certain boundaries and protections.

Are your cloud concerns valid? This panel will focus on identifying the major perceived barriers to business adoption of cloud computing from the perspectives of security, compliance, privacy and policy. The goal is to separate founded and unfounded concerns and help IT security professionals and C-level executives make educated cloud decisions for their business.

Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group

In its fifth annual study on best practices in data loss prevention (DLP), Aberdeen analyzed and compared the results from more than 600 organizations which have adopted one of four distinct approaches to the operational use of DLP technologies. The best approach, in terms of balancing enterprise risk and reward, is like the ideal referee in sports: one that makes good calls and enforces the rules regarding safety and fair play, but generally doesn't get in the way of the people playing the game.

Consumerization of IT and BYOD represent an opportunity and a challenge for businesses. At the crux of the issue is the tension between enterprise IT professionals who are tasked with establishing and enforcing policies and end-users who care about mobility and freedom anytime, anywhere. This webinar will explore how establishing the right BYOD policy can help a company embrace the consumerization of IT while keeping their enterprise secure.

So you've successfully gotten started with your application security initiative -- now what? How do you take securing your applications to the next level?

Characteristics of the companies achieving top performance in application security include:

- Start from a solid foundation of testing
- Start small (e.g., with a proof-of-concept) and then expand by building on your success
- Establish a risk-based approach on what vulnerabilities to address and when
- Partner between the IT Security and Application Development teams to expand your program beyond testing to create a true software assurance program

Research from Aberdeen Group confirms that bringing about a systemic change across the entire software development lifecycle -- i.e., to become "secure at the source" -- yields the best results.

In addition to the use of several enabling tools and technologies -- including application vulnerability scanning, penetration testing, manual source code reviews, static source code analysis and verification, and dynamic source code analysis and verification -- this webinar will review the "people and process" capabilities that most strongly differentiate the top performers.

Today’s headlines provide ongoing evidence that IT Security teams are losing the battle against attackers, reinforcing the need to address the security of enterprise applications. If your organization hasn’t gotten started yet in the area of application security – in spite of the dynamic nature of the application security threat landscape, the size and diversity of your application software portfolio, and the significant financial impact of the average application security-related incident – do it because of the positive impact on your bottom line. This web seminar will outline and provide tangible directives for you to build and execute an Application Security initiative.

Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group

Two publicly disclosed attacks on the infrastructure for issuing SSL Server Certificates made headlines in 2011 – in large part based on the evidence that they were part of a state-sponsored effort to hijack the trust of legitimate domain names, and thereby gather private or sensitive information from its unsuspecting citizens. From the perspective of the countless enterprises that rely upon the global foundation of trust provided by SSL Server Certificates, however, the three key implications should be a renewed preference for top quality Certification Authorities, a continued shift toward higher assurance EV SSL Server certificates, and a higher priority for assessing the risk of current certificate revocation mechanisms.

Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group

Extended Validation (EV) SSL Server Certificates are designed to address the need to increase end-user confidence in transacting online, by establishing a higher level of assurance that they are on a legitimate web site and that their personal data is being encrypted while in transit. Aberdeen's research and analysis indicates that the strongest near-term growth for EV SSL Server Certificates will come from Small businesses (<$50M in annual revenue), particularly in the EMEA and Asia / Pacific geographies.

Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group

Perhaps one of the most overlooked areas for improved key management involves deployments of SSL Server Certificates and Extended Validation (EV) SSL Server Certificates – the latter of which require a more rigorous vetting process to confirm the identity of the requesting site owner before being issued.

Aberdeen's research shows that leading performers were 1.7-times more likely than lagging performers to have current deployments of EV SSL Server Certificates, providing their end-users with a higher level of assurance of a legitimate web site and greater confidence in conducting online transactions.

The threat landscape is escalating, and the nature of vulnerabilities and threats is changing. If your strategy has been to assume that your organization is immune, you may want to consider the latest evidence to adapt.

At a blended business/technical level, this panel will discuss:
• Techniques currently being used by attackers
• Emerging vulnerabilities and threats
• Strategies and solutions currently available
• Examples of effective and cost-efficient tools

In a study of more than 160 organizations, Aberdeen found that respondents annually spend an average total of $2,150,000 in IT Security-related activities: $870,000 invested in their IT Security initiatives, plus an additional $1,280,000 in costs related to IT Security incidents that were not avoided in spite of these investments. This works out to approximately $220 per employee per year, or roughly 0.2% of annual revenue – less than many companies spend on complimentary tea and coffee. But how have some companies successfully optimized the balance between their annual investments in IT Security initiatives, and the additional financial impact of IT Security-related costs not avoided – the very essence of a risk-based approach?

Companies of all sizes are trying to make sense of the incredible volume of data that is being generated by their computing infrastructure and their existing security solutions. Much like the children's ice-skating game of "crack the whip", Aberdeen's research indicates that closing the performance gap between leaders and laggards in the front-end – i.e., collecting and managing the data (log management) – helps to accelerate the progress needed in the back-end – i.e., interpreting the data and taking action (security information and event management). Before (or after) the presentation, individuals interested in comparing their own organization's strategies, capabilities and use of technologies with those of the Best-in-Class (top 20%) as seen in Aberdeen's benchmark research are invited to visit a complimentary, easy-to-use online assessment tool at http://assessment.aberdeen.com/BF3G7hKBmi/index.aspx .

What separates "Best-in-Class" (top 20%) organizations from their "Industry Average" (middle 50%) and "Laggard" (bottom 30%) counterparts when it comes to various topics in IT Security? Aberdeen's unique, fact-based approach to market research provides a framework for end-user organizations to benchmark their own strategies, capabilities and use of enabling technologies against companies with top performance. Areas of coverage in Aberdeen's IT Security practice include topics in Identities and Access, Data Protection, IT Infrastructure Security (including Endpoints, Delivery Platforms, Applications and Databases, Networks, and Storage), Physical Infrastructure Security, Policies, and Security GRC (Governance, Risk Management, and Compliance). Complimentary access is provided to the full benchmark research reports, for a limited time after initial publication.